
CN114091002A - Cloud desktop access authentication method, electronic device and computer-readable storage medium - Google Patents


Info

Publication number
CN114091002A
Authority
CN
China
Prior art keywords
dynamic password
cloud desktop
user
terminal
password
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010856614.5A
Other languages
Chinese (zh)
Inventor
谢迪
管天云
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN202010856614.5A
Priority to PCT/CN2021/114159 (WO2022042504A1)
Publication of CN114091002A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/107 License processing; Key processing
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/107 License processing; Key processing
    • G06F21/1078 Logging; Metering
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/451 Execution arrangements for user interfaces
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/451 Execution arrangements for user interfaces
    • G06F9/452 Remote windowing, e.g. X-Window System, desktop virtualisation

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Human Computer Interaction (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a cloud desktop access authentication method, an electronic device and a computer-readable storage medium. The method comprises the following steps: receiving a cloud desktop access request from a client terminal, wherein the cloud desktop access request carries user authentication information acquired by the client terminal from a USB-Key; generating a first dynamic password according to the cloud desktop access request, and sending the user authentication information and the first dynamic password to a cloud service terminal, so that the cloud service terminal verifies the user authentication information and stores the first dynamic password; receiving verification information sent by the cloud service terminal according to the user authentication information; and sending the first dynamic password to a preset password receiving device, so that the client terminal acquires the authority to access the cloud desktop from the cloud service terminal according to the first dynamic password received by the preset password receiving device. Through this double verification, the invention greatly improves the security of cloud desktop access authentication.

Description

Cloud desktop access authentication method, electronic device and computer-readable storage medium
Technical Field
The invention relates to the technical field of cloud terminals, in particular to a cloud desktop access authentication method, electronic equipment and a computer readable storage medium.
Background
Currently, many users choose to store important data such as files on a cloud service terminal and access that data by logging in to a cloud desktop. Many accounts are easy to compromise because the passwords users set are weak, and once an account password is leaked the consequences are serious. This places higher demands on the security of authorized access to the cloud desktop.
Disclosure of Invention
The following is a summary of the subject matter described in detail herein. This summary is not intended to limit the scope of the claims.
The embodiment of the invention provides a cloud desktop access authentication method, electronic equipment and a computer readable storage medium, which are used for improving the security of cloud desktop access authentication.
In a first aspect, an embodiment of the present invention provides a cloud desktop access authentication method, which is applied to an authentication auxiliary terminal, and the method includes:
receiving a cloud desktop access request of a client terminal, wherein the cloud desktop access request carries user authentication information acquired by the client terminal from a USB-Key;
generating a first dynamic password according to the cloud desktop access request, and sending the user authentication information and the first dynamic password to a cloud service terminal so that the cloud service terminal verifies the user authentication information and stores the first dynamic password;
receiving verification information sent by the cloud service terminal according to the user authentication information;
and under the condition that the verification information indicates that the user authentication information passes verification, the first dynamic password is sent to a preset password receiving device, so that the client terminal obtains the authority of accessing the cloud desktop from the cloud service terminal according to the first dynamic password received by the preset password receiving device.
In a second aspect, an embodiment of the present invention provides a cloud desktop access authentication method, which is applied to a cloud service terminal, and the method includes:
receiving user authentication information and a first dynamic password sent by an authentication auxiliary terminal;
verifying the user authentication information, and sending verification information indicating that the user authentication information is verified to pass to the authentication auxiliary terminal under the condition that the user authentication information is verified to pass;
saving the first dynamic password;
receiving a second dynamic password sent by a client terminal, matching the second dynamic password sent by the client terminal with the stored first dynamic password, and granting the client terminal the authority to access the cloud desktop when the second dynamic password sent by the client terminal is matched with the stored first dynamic password.
In a third aspect, an embodiment of the present invention provides a cloud desktop access authentication method, which is applied to a client terminal, where the client terminal is connected with a USB-Key, and the method includes:
acquiring user authentication information from the USB-Key;
sending a cloud desktop access request to an authentication auxiliary terminal, wherein the cloud desktop access request carries the user authentication information;
and sending a second dynamic password to the cloud service terminal according to the first dynamic password that the authentication auxiliary terminal sent to a preset password receiving device, so as to acquire the authority to access the cloud desktop from the cloud service terminal.
In a fourth aspect, an embodiment of the present invention provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the cloud desktop access authentication method described above when executing the program.
In a fifth aspect, the present invention provides a computer-readable storage medium storing computer-executable instructions for performing the steps of the cloud desktop access authentication method described above.
The embodiment of the invention comprises the following steps: receiving a cloud desktop access request of a client terminal, wherein the cloud desktop access request carries user authentication information acquired by the client terminal from a USB-Key; generating a first dynamic password according to the cloud desktop access request, and sending the user authentication information and the first dynamic password to a cloud service terminal so that the cloud service terminal verifies the user authentication information and stores the first dynamic password; receiving verification information sent by the cloud service terminal according to the user authentication information; and under the condition that the verification information indicates that the user authentication information passes verification, sending the first dynamic password to a preset password receiving device, so that the client terminal obtains the authority to access the cloud desktop from the cloud service terminal according to the first dynamic password received by the preset password receiving device. According to the scheme of the embodiment of the invention, on the one hand, the identity of the user currently operating the client is verified based on the user authentication information of the USB-Key, which has extremely high security, so as to determine whether that user has the authority to access the cloud desktop, which effectively avoids the situation in which the user account is stolen; on the other hand, when the user authentication information of the USB-Key passes verification, the dynamic password is sent to the preset password receiving device so that the identity of the operating user is further verified through the dynamic password. This double verification greatly improves the security of cloud desktop access authentication.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the example serve to explain the principles of the invention and not to limit the invention.
Fig. 1 is a system architecture diagram to which the cloud desktop access authentication method provided by the embodiment of the present invention is applied;
Fig. 2 is a flowchart of a cloud desktop access authentication method according to an embodiment of the present invention;
Fig. 3 is a flowchart of a cloud desktop access authentication method according to another embodiment of the present invention;
Fig. 4 is a flowchart of a cloud desktop access authentication method according to another embodiment of the present invention;
Fig. 5 is an exemplary flowchart of a cloud desktop access authentication method of the present invention;
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It should be understood that in the description of the embodiments of the present invention, terms such as "first" and "second" are used only to distinguish technical features, and are not to be understood as indicating or implying relative importance, the number of the indicated technical features, or the precedence of the indicated technical features. "At least one" means one or more, and "a plurality" means two or more. "And/or" describes the association relationship of the associated objects and means that three relationships are possible; for example, "A and/or B" may mean that A exists alone, that A and B exist simultaneously, or that B exists alone, where A and B can each be singular or plural. The character "/" generally indicates that the associated objects before and after it are in an "or" relationship. "At least one of the following" and similar expressions refer to any combination of these items, including any combination of singular or plural items. For example, at least one of a, b, and c may represent: a, b, c, a and b, a and c, b and c, or a and b and c, where a, b and c can each be single or multiple.
In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
The cloud desktop is a user interface which is generated in the cloud service terminal through a virtualization technology, such as an operating system and an application program run by a virtual computer, and can be remotely provided for the client terminal. After the cloud desktop is adopted, a user can log in the cloud desktop through different terminal equipment at any place and any time through a network so as to access resources stored in the cloud.
At present, a user logs in to a cloud desktop as follows. First, the user enters the website address of the cloud service terminal (namely the cloud server) in a browser on the client terminal and opens the login page of the cloud server. The user then enters, on the login page, the account and password registered with the server; the cloud server authenticates them and, after the authentication passes, sends the main page of the cloud server to the user's terminal. The main page of the cloud server carries a login link for the cloud desktop. When the user clicks that link, the cloud server sends the login page of the cloud desktop to the user's terminal. When the user enters the registered cloud desktop account and password on that page, the cloud desktop performs authority authentication on the account and password. After this authentication passes, the cloud server generates the cloud desktop that the user is authorized to use and sends it to the user's client terminal. In this technical scheme, the user identity information is carried in too simple a form and can easily be obtained by others; although identity authentication is performed twice, the information used for each authentication is the same, so reliability cannot be guaranteed.
Based on the above analysis, embodiments of the present invention provide a cloud desktop access authentication method, an electronic device, and a computer-readable storage medium, which are used to improve security of access authentication of a cloud desktop.
Fig. 1 is a system architecture diagram illustrating a cloud desktop access authentication method according to an embodiment of the present invention. The system architecture comprises a client terminal, an authentication auxiliary terminal and a cloud service terminal, and communication interaction can be carried out among the client terminal, the authentication auxiliary terminal and the cloud service terminal. The authentication auxiliary terminal and the cloud service terminal can be arranged at the cloud end, and can be mutually independent server equipment or two virtual machines arranged on the same server equipment. The device form of the client terminal can be a common computer, a tablet computer, a smart phone and the like, and the client terminal can be connected with USB-Key devices.
Fig. 2 shows a flowchart of a cloud desktop access authentication method according to an embodiment of the present invention. The method is applied to the authentication auxiliary terminal, and as shown in fig. 2, the method comprises the following steps:
S110, receiving a cloud desktop access request of the client terminal, wherein the cloud desktop access request carries user authentication information acquired by the client terminal from the USB-Key.
As an example, when a user needs to log in to a cloud desktop, the user inserts a USB-Key into the client terminal and clicks the login link of the cloud desktop on the client terminal. When the link is clicked, the client terminal obtains user authentication information from the USB-Key, encapsulates it in a cloud desktop access request message, and sends the message to the authentication auxiliary terminal. The authentication auxiliary terminal receives the cloud desktop access request and sends the USB-Key user authentication information carried in the request to the cloud service terminal for verification.
As an example, the user authentication information in step S110 includes a user identification code, which may be a character string and is pre-stored in both the USB-Key and the cloud service terminal for matching verification.
S120, generating a first dynamic password according to the cloud desktop access request, and sending the user authentication information and the first dynamic password to the cloud service terminal so that the cloud service terminal verifies the user authentication information and stores the first dynamic password.
As an example, after receiving a cloud desktop access request from a client, the authentication auxiliary terminal generates a first dynamic password, extracts user authentication information from the cloud desktop access request, and sends the first dynamic password and the user authentication information to the cloud service terminal. After receiving the first dynamic password and the user authentication information from the authentication auxiliary terminal, the cloud service terminal stores and verifies the user authentication information and returns verification information indicating a verification result to the authentication auxiliary terminal. In addition, the cloud service terminal saves the first dynamic password.
It should be understood that the first dynamic password may be a character string randomly generated by the authentication auxiliary terminal, and the character string may include one or more of numbers, letters, and symbols.
S130, receiving verification information sent by the cloud service terminal according to the user authentication information.
As an example, the authentication auxiliary terminal receives verification information sent by the cloud service terminal, where the verification information indicates the result of the cloud service terminal's verification of the user authentication information.
S140, under the condition that the verification information indicates that the user authentication information passes verification, sending the first dynamic password to a preset password receiving device, so that the client terminal acquires the authority to access the cloud desktop from the cloud service terminal according to the first dynamic password received by the preset password receiving device.
As an example, if the verification information received by the authentication auxiliary terminal from the cloud service terminal indicates that the user authentication information passed verification, the first dynamic password is sent to a preset password receiving device.
The password receiving device may be the mobile phone terminal corresponding to a mobile phone number reserved by the user. For example, when the user authentication information has been verified by the cloud service terminal, the authentication auxiliary terminal sends the first dynamic password to the user's mobile phone terminal, whose number was reserved when the user registered. The user obtains the first dynamic password from the mobile phone terminal and then enters a second dynamic password, identical to the first dynamic password, on the client terminal. The client terminal sends the second dynamic password entered by the user to the cloud service terminal, which compares it with the previously stored first dynamic password and, if the two match, grants the client terminal the authority to access the cloud desktop.
In some embodiments, before step S110, the method of embodiments of the present invention further comprises: receiving a user name and an access password sent by a client terminal, and matching the user name and the access password; and under the condition that the user name is matched with the access password, generating a first dynamic password according to the cloud desktop access request.
For example, when a user needs to log in to a cloud desktop, the user enters the website address of the cloud service terminal in a browser on the client terminal and logs in to the access page of the cloud service terminal with a registered user name and access password. The client terminal acquires the user name and access password entered by the user and sends them to the authentication auxiliary terminal, which matches the user name against the access password; if they match, the user is allowed to log in to the access page of the cloud service terminal. After entering the access page, the user clicks the login link of the cloud desktop to send a cloud desktop access request to the authentication auxiliary terminal, which receives the request and generates a first dynamic password according to it. If the user name and access password do not match, prompt information indicating that the cloud desktop access request is rejected can be returned to the client terminal.
Alternatively, the user can enter the website address of the cloud service terminal in the browser of the client terminal and go directly to the access page of the cloud service terminal. The access page contains a login box for entering a user name and an access password, and the login box contains a cloud desktop login link button. After entering the user name and access password in the login box, the user clicks the login link button to send a cloud desktop access request to the authentication auxiliary terminal. The client terminal obtains the user name and access password, packages them together with the user authentication information into a cloud desktop access request, and sends the request to the authentication auxiliary terminal. The authentication auxiliary terminal matches the user name and the access password, and if the user name, the access password and the user authentication information are matched, a first dynamic password is generated according to the cloud desktop access request; if not, prompt information indicating that the cloud desktop access request is rejected can be returned to the client terminal.
In some embodiments, after step S140, the method of embodiments of the present invention further comprises: when the first dynamic password is sent to the client terminal, cancelling the first dynamic password, so as to prevent the first dynamic password from being stolen or reused.
Fig. 3 shows a flowchart of a cloud desktop access authentication method according to an embodiment of the present invention. The method is applied to a cloud service terminal, and as shown in fig. 3, the method includes the following steps:
S210, receiving user authentication information and a first dynamic password sent by the authentication auxiliary terminal.
As an example, when a user needs to log in to a cloud desktop, the user inserts a USB-Key into the client terminal and clicks the login link of the cloud desktop on the client terminal. When the link is clicked, the client terminal obtains user authentication information from the USB-Key, encapsulates it in a cloud desktop access request message, and sends the message to the authentication auxiliary terminal. The authentication auxiliary terminal receives the cloud desktop access request and sends the USB-Key user authentication information carried in the request to the cloud service terminal for verification.
S220, the user authentication information is verified, and under the condition that the user authentication information is verified, verification information indicating that the user authentication information is verified is sent to the authentication auxiliary terminal.
As an example, after receiving user authentication information sent by an authentication auxiliary terminal, the cloud service terminal searches locally for pre-stored user authentication information that matches it. If matching pre-stored user authentication information is found, the user authentication information sent by the authentication auxiliary terminal passes verification, and the cloud service terminal returns verification information indicating that the user authentication information passed to the authentication auxiliary terminal. If no matching pre-stored user authentication information can be found, the user authentication information sent by the authentication auxiliary terminal fails verification, and the cloud service terminal returns verification information indicating the verification failure to the authentication auxiliary terminal.
S230, saving the first dynamic password.
As an example, when determining that the user authentication information is verified, the cloud service terminal saves the first dynamic password sent by the authentication auxiliary terminal for verification of the second dynamic password sent by the client terminal in subsequent steps.
S240, receiving a second dynamic password sent by the client terminal, matching the second dynamic password sent by the client terminal with the stored first dynamic password, and granting the client terminal the authority to access the cloud desktop when the second dynamic password sent by the client terminal matches the stored first dynamic password.
As an example, after receiving verification information from the cloud service terminal indicating that the user authentication information passed verification, the authentication auxiliary terminal sends the first dynamic password to a preset password receiving device. The password receiving device may be the mobile phone terminal corresponding to a mobile phone number reserved by the user. For example, when the user authentication information has been verified by the cloud service terminal, the authentication auxiliary terminal sends the first dynamic password to the user's mobile phone terminal, whose number was reserved when the user registered. The user obtains the first dynamic password from the mobile phone terminal and then enters a second dynamic password, identical to the first dynamic password, on the client terminal, and the client terminal sends the second dynamic password entered by the user to the cloud service terminal.
After receiving the second dynamic password sent by the client terminal, the cloud service terminal compares it with the previously stored first dynamic password. If the second dynamic password matches the previously stored first dynamic password, the client terminal is granted the authority to access the cloud desktop; if it does not match, indication information that authentication of the cloud desktop access authority failed is returned to the client terminal.
Fig. 4 shows a flowchart of a cloud desktop access authentication method according to an embodiment of the present invention. The method is applied to a client terminal, the client terminal is linked with a USB-Key, and as shown in figure 4, the method comprises the following steps:
S310, obtaining user authentication information from the USB-Key.
By way of example, when a user needs to log in a cloud desktop for access, a USB-Key is inserted into a client terminal, a login link of the cloud desktop is clicked on the client terminal, and when the user clicks the login link of the cloud desktop, the client terminal acquires user authentication information from the USB-Key.
And S320, sending a cloud desktop access request to the authentication auxiliary terminal, wherein the cloud desktop access request carries user authentication information.
As an example, when a user clicks a login link of a cloud desktop, a client terminal generates a cloud desktop access request message and encapsulates user authentication information acquired from a USB-Key into the cloud desktop access request message; the client terminal sends the cloud desktop access request message carrying the user authentication information to the authentication auxiliary terminal, so that the authentication auxiliary terminal receives the cloud desktop access request and sends the user authentication information from the USB-Key carried in the cloud desktop access request to the cloud service terminal for verification.
S330, sending a second dynamic password to the cloud service terminal according to the first dynamic password that the authentication auxiliary terminal sent to the preset password receiving device, so as to obtain the authority to access the cloud desktop from the cloud service terminal.
As an example, the authentication auxiliary terminal generates a first dynamic password according to the cloud desktop access request of the client terminal, and sends the first dynamic password and the user authentication information to the cloud service terminal. The cloud service terminal verifies the user authentication information; if the verification passes, it stores the first dynamic password and returns to the authentication auxiliary terminal verification information indicating that the user authentication information has been verified. After the authentication auxiliary terminal determines from the verification information that the user authentication information has been verified, it sends the generated first dynamic password to a password receiving device preset by the user. The password receiving device may be a mobile phone terminal corresponding to a mobile phone number reserved by the user. For example, when the cloud service terminal has verified the user authentication information, the authentication auxiliary terminal sends the first dynamic password to the user's mobile phone terminal, whose mobile phone number was reserved when the user registered. The user obtains the first dynamic password from the mobile phone terminal and then inputs a second dynamic password, identical to the first dynamic password, on the client terminal. The client terminal sends the second dynamic password input by the user to the cloud service terminal, so that the cloud service terminal compares the second dynamic password with the previously stored first dynamic password and, if they match, grants the client terminal the authority to access the cloud desktop.
In some embodiments, the method of embodiments of the present invention further comprises: obtaining a user name and an access password input by a user, and sending the user name and the access password to the authentication auxiliary terminal, so that the authentication auxiliary terminal generates the first dynamic password according to the cloud desktop access request when the user name and the access password match.
For example, when a user needs to log in to a cloud desktop, the user enters the website of the cloud service terminal in a browser of the client terminal and logs in to the access page of the cloud service terminal with a registered user name and access password. The client terminal acquires the user name and access password input by the user and sends them to the authentication auxiliary terminal, which matches the user name and the access password. If they match, the user is allowed to log in to the access page of the cloud service terminal; after entering the access page, the user clicks the login link of the cloud desktop to send a cloud desktop access request to the authentication auxiliary terminal, which receives the request and generates a first dynamic password according to it. If they do not match, prompt information indicating that the cloud desktop access request is rejected can be returned to the client terminal.
Alternatively, the user can enter the website of the cloud service terminal in the browser of the client terminal and go directly to the access page of the cloud service terminal. The access page contains a login frame for inputting a user name and an access password, and the login frame contains a cloud desktop login link button; after inputting the user name and the access password in the login frame, the user clicks the login link button to send a cloud desktop access request to the authentication auxiliary terminal. The client terminal obtains the user name and access password of the user and packages the user name, the access password and the user authentication information together into the cloud desktop access request sent to the authentication auxiliary terminal. The authentication auxiliary terminal matches the user name and the access password, and if the user name, the access password and the user authentication information are matched, a first dynamic password is generated according to the cloud desktop access request; if they are not matched, prompt information indicating that the cloud desktop access request is rejected can be returned to the client terminal.
In some embodiments, the user authentication information includes a user identification code, which may be in the form of a character string, and is pre-stored in the USB-Key and the cloud service terminal for matching verification.
As shown in fig. 5, to facilitate understanding of the method according to the embodiment of the present invention, the cloud desktop access authentication method provided by the embodiment of the present invention is further described below by using a specific example.
S410, the client terminal acquires user authentication information from the USB-Key;
S420, the client terminal sends a cloud desktop access request to the authentication auxiliary terminal, wherein the cloud desktop access request carries the user authentication information;
S430, the authentication auxiliary terminal receives the cloud desktop access request of the client terminal, generates a first dynamic password according to the cloud desktop access request, and sends the user authentication information and the first dynamic password to the cloud service terminal;
S440, the cloud service terminal receives the user authentication information and the first dynamic password sent by the authentication auxiliary terminal, verifies the user authentication information, and, if the verification passes, sends verification information indicating that the user authentication information has been verified to the authentication auxiliary terminal;
S450, the authentication auxiliary terminal receives the verification information sent by the cloud service terminal according to the user authentication information, and sends the first dynamic password to the preset password receiving device if the verification information indicates that the user authentication information has been verified;
S460, the client terminal sends a second dynamic password to the cloud service terminal according to the first dynamic password that the authentication auxiliary terminal sent to the preset password receiving device;
S470, the cloud service terminal receives the second dynamic password sent by the client terminal, matches it against the stored first dynamic password, and grants the client terminal the authority to access the cloud desktop when the two match.
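The exchange in steps S410 to S470, with all three parties modelled in memory, as an added example that is not code from the patent. The user-name lookup key, the 6-digit password drawn from `secrets`, the constant-time comparison, the discard-after-one-attempt rule and the delivery callback are assumptions of this sketch; the identification code and user are constructed sample values.

```python
import hmac
import secrets


def _same(a: str, b: str) -> bool:
    # Constant-time comparison (an added choice; the page only says "matches").
    return hmac.compare_digest(a.encode(), b.encode())


class CloudServiceTerminal:
    """Holds pre-stored identification codes and the saved first dynamic password."""

    def __init__(self, registered_codes):
        self.registered_codes = registered_codes  # user name -> USB-Key identification code
        self.pending = {}                          # user name -> saved first dynamic password

    def verify_and_store(self, user, id_code, first_password):
        # S440: verify the user authentication information; save the password only on success.
        expected = self.registered_codes.get(user)
        if expected is None or not _same(expected, id_code):
            return False
        self.pending[user] = first_password
        return True

    def check_second_password(self, user, second_password):
        # S470: match the second dynamic password against the saved first one.
        # Assumption: the saved password is discarded on the first attempt (single use).
        saved = self.pending.pop(user, None)
        return saved is not None and _same(saved, second_password)


class AuthAuxiliaryTerminal:
    """Generates the first dynamic password and releases it only after verification."""

    def __init__(self, cloud, deliver):
        self.cloud = cloud
        self.deliver = deliver  # hypothetical callback standing in for the password receiving device

    def handle_access_request(self, user, id_code):
        # S430: generate the first dynamic password and forward it with the authentication info.
        first_password = f"{secrets.randbelow(10**6):06d}"  # assumed format: 6 random digits
        verified = self.cloud.verify_and_store(user, id_code, first_password)
        # S450: deliver to the preset receiving device only if verification passed.
        if verified:
            self.deliver(user, first_password)
        return verified


def run_flow(usb_key_code, typed_password=None):
    """Run S410-S470 for the constructed user 'alice'; return (granted, phone_inbox)."""
    phone_inbox = {}  # constructed stand-in for the user's registered phone
    cloud = CloudServiceTerminal({"alice": "UID-EXAMPLE-0001"})  # constructed sample code
    aux = AuthAuxiliaryTerminal(cloud, phone_inbox.__setitem__)
    # S410/S420: the client reads the code from the USB-Key and sends the access request.
    if not aux.handle_access_request("alice", usb_key_code):
        return False, phone_inbox
    # S460: the user reads the password from the phone and types it into the client.
    second = phone_inbox["alice"] if typed_password is None else typed_password
    return cloud.check_second_password("alice", second), phone_inbox


if __name__ == "__main__":
    print(run_flow("UID-EXAMPLE-0001")[0])                # correct USB-Key and password
    print(run_flow("UID-WRONG")[1])                       # failed USB-Key check: inbox contents
    print(run_flow("UID-EXAMPLE-0001", "not-a-code")[0])  # wrong second password
```

Because the dynamic password is released only after the USB-Key check passes, a request carrying an unknown identification code never triggers a message to the phone.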
According to the scheme of the embodiment of the invention, on the one hand, the identity of the user operating the client is verified based on the USB-Key user authentication information, which has extremely high security, so as to determine whether that user has the authority to access the cloud desktop, which effectively avoids the situation in which a user account is stolen; on the other hand, when the user authentication information of the USB-Key passes verification, the dynamic password is sent to the preset password receiving device so that the identity of the operating user is further verified through the dynamic password. This double verification greatly improves the security of cloud desktop access authentication.
It should be further understood that, in the above embodiments, the descriptions of the respective embodiments have respective emphasis, and that, for a part that is not described or recited in a certain embodiment, reference may be made to the related descriptions of other embodiments.
Fig. 6 illustrates an electronic device 600 provided by an embodiment of the invention. As shown in fig. 6, the electronic device 600 includes, but is not limited to:
a memory 601 for storing programs;
a processor 602 for executing the program stored in the memory 601; when the processor 602 executes the program stored in the memory 601, the processor 602 performs the cloud desktop access authentication method.
The processor 602 and memory 601 may be connected by a bus or other means.
The memory 601, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs and non-transitory computer executable programs, such as the cloud desktop access authentication method described in any embodiment of the present invention. The processor 602 implements the cloud desktop access authentication method described above by running non-transitory software programs and instructions stored in the memory 601.
The memory 601 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area can store and execute the cloud desktop access authentication method. Further, the memory 601 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 601 may optionally include memory located remotely from the processor 602, which may be connected to the processor 602 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
Non-transitory software programs and instructions required to implement the cloud desktop access authentication method described above are stored in the memory 601 and, when executed by the one or more processors 602, perform the cloud desktop access authentication method provided by any embodiment of the present invention.
The embodiment of the invention also provides a storage medium, which stores computer executable instructions, and the computer executable instructions are used for executing the cloud desktop access authentication method.
In an embodiment, the storage medium stores computer-executable instructions, which are executed by one or more control processors 602, for example, by one processor 602 in the electronic device 600, and may cause the one or more processors 602 to execute the cloud desktop access authentication method provided in any embodiment of the present invention.
The above described embodiments are merely illustrative, wherein elements illustrated as separate components may or may not be physically separate, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
One of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
While the preferred embodiments of the present invention have been described in detail, the present invention is not limited to the above embodiments. Those skilled in the art can make various equivalent modifications or substitutions, and these equivalent modifications or substitutions are included in the scope of the invention defined by the claims.

Claims (10)

1. A cloud desktop access authentication method is applied to an authentication auxiliary terminal and comprises the following steps:
receiving a cloud desktop access request of a client terminal, wherein the cloud desktop access request carries user authentication information acquired by the client terminal from a USB-Key;
generating a first dynamic password according to the cloud desktop access request, and sending the user authentication information and the first dynamic password to a cloud service terminal so that the cloud service terminal verifies the user authentication information and stores the first dynamic password;
receiving verification information sent by the cloud service terminal according to the user authentication information;
and under the condition that the verification information indicates that the user authentication information passes verification, the first dynamic password is sent to a preset password receiving device, so that the client terminal obtains the authority of accessing the cloud desktop from the cloud service terminal according to the first dynamic password received by the preset password receiving device.
2. The method of claim 1, further comprising:
receiving a user name and an access password sent by the client terminal, and matching the user name and the access password;
and under the condition that the user name is matched with the access password, generating the first dynamic password according to the cloud desktop access request.
3. The method of claim 1, further comprising: cancelling the first dynamic password when the first dynamic password is sent to the client terminal.
4. The method according to claim 1, wherein the user authentication information includes a user identification code stored in the USB-Key.
5. A cloud desktop access authentication method is applied to a cloud service terminal, and comprises the following steps:
receiving user authentication information and a first dynamic password sent by an authentication auxiliary terminal;
verifying the user authentication information, and sending verification information indicating that the user authentication information is verified to pass to the authentication auxiliary terminal under the condition that the user authentication information is verified to pass;
saving the first dynamic password;
receiving a second dynamic password sent by a client terminal, matching the second dynamic password sent by the client terminal with the stored first dynamic password, and granting the client terminal the authority to access the cloud desktop when the second dynamic password sent by the client terminal is matched with the stored first dynamic password.
6. A cloud desktop access authentication method is applied to a client terminal, the client terminal is connected with a USB-Key, and the method comprises the following steps:
acquiring user authentication information from the USB-Key;
sending a cloud desktop access request to an authentication auxiliary terminal, wherein the cloud desktop access request carries the user authentication information;
and sending a second dynamic password to the cloud service terminal according to a first dynamic password received by preset password receiving equipment and sent by the authentication auxiliary terminal, so as to acquire the authority for accessing the cloud desktop from the cloud service terminal.
7. The cloud desktop access authentication method of claim 6, further comprising:
and acquiring a user name and an access password input by a user, and sending the user name and the access password to the authentication auxiliary terminal so that the authentication auxiliary terminal generates the first dynamic password according to the cloud desktop access request under the condition that the user name and the access password are matched.
8. The cloud desktop access authentication method of claim 6, wherein the user authentication information comprises a user identification code stored in the USB-Key.
9. An electronic device, comprising: memory, processor and computer program stored on the memory and executable on the processor, which when executed by the processor implements the method of any one of claims 1 to 8.
10. A computer-readable storage medium having stored thereon computer-executable instructions for performing the method of any one of claims 1 to 8.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010856614.5A CN114091002A (en) 2020-08-24 2020-08-24 Cloud desktop access authentication method, electronic device and computer-readable storage medium
PCT/CN2021/114159 WO2022042504A1 (en) 2020-08-24 2021-08-23 Cloud desktop access authentication method, electronic device, and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010856614.5A CN114091002A (en) 2020-08-24 2020-08-24 Cloud desktop access authentication method, electronic device and computer-readable storage medium

Publications (1)

Publication Number Publication Date
CN114091002A true CN114091002A (en) 2022-02-25

Family

ID=80295457

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010856614.5A Pending CN114091002A (en) 2020-08-24 2020-08-24 Cloud desktop access authentication method, electronic device and computer-readable storage medium

Country Status (2)

Country Link
CN (1) CN114091002A (en)
WO (1) WO2022042504A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118555083A (en) * 2023-02-20 2024-08-27 中兴通讯股份有限公司 Cloud desktop access method, server, cloud desktop system and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105187362B (en) * 2014-06-23 2020-01-10 中兴通讯股份有限公司 Method and device for connection authentication between desktop cloud client and server
CN106331003B (en) * 2015-06-23 2019-09-03 中国移动通信集团重庆有限公司 A method and device for accessing an application portal system on a cloud desktop
CN107332808B (en) * 2016-04-29 2021-06-29 中兴通讯股份有限公司 A method, server and terminal for cloud desktop authentication
CN115333792B (en) * 2019-12-31 2025-09-26 华为云计算技术有限公司 Identity authentication method, device and related equipment

Also Published As

Publication number Publication date
WO2022042504A1 (en) 2022-03-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination